{"result": {"seebug": [{"description": "Summary: \n \nExim is an open source mail client.< br/>Exim in daemon_go()function to submit the parameters the lack of a correct Check, a local attacker could exploit this vulnerability to submit malicious parameters to the format string attack to root privileges on the system to execute arbitrary commands.< br/>in the daemon. c, 976 row daemon_go()function in the presence of a format string vulnerability: \nsprintf(CS buff, CS pid_file_path, \"a\"); /* Backward compatibility */ \npid_file_path can be in the command line entered by the user, if an attacker submitted contains malicious format string parameter, it can result in overwriting memory of any address in the root user permission to execute arbitrary instructions.< br/>but this function only if the user is exim-admin-user only will be executed, and you'exim-admin-user'must be in the exim compilation phase specified.< br/>\n", "edition": 1, "title": "Exim Internet Mailer 3.35/3.36/4.10 Format String Vulnerability", "references": [], "cvss": {"vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/", "score": 7.2}, "href": "https://www.seebug.org/vuldb/ssvid-75879", "published": "2014-07-01T00:00:00", "type": "seebug", "lastseen": "2016-07-28T08:17:46", "objectVersion": "1.0", "hash": "88da3eaf35522527942c453eeb77c0329322f1f8dddc79ca2152cb2dae71a74c", "reporter": "Root", "modified": "2014-07-01T00:00:00", "cvelist": ["CVE-2002-1381"], "bulletinFamily": "exploit", "id": "SSV-75879"}]}}